Pharma in Focus

by Matt Kelly on April 12th, 2018

Pharma in Focus

The pharmaceutical and healthcare worlds were set abuzz earlier this year when the Justice Department released a fresh memo about enforcement of the False Claims Act — the law bars government contractors from defrauding the government, and allows whistleblowers to file “qui tam” lawsuits against those contractors on behalf of the government.

The so-called “Granston Memo” said the Justice Department would now be more aggressive in arguing to dismiss frivolous FCA whistleblower lawsuits. Historically, the department intervened in favor of promising cases, but left more questionable cases to any whistleblower who wanted to press the case at his or her own expense.

Good news, right? The False Claims Act has been a huge risk for companies in healthcare and pharma, critics say; it’s about time regulators help businesses quash ridiculous cases that can drag on for years and cost a fortune even when the supposed whistleblower has no credible evidence of wrongdoing.

That’s not an unreasonable perspective, but it does ignore one question crucial for ethics and compliance officers.

Who cares?

Perhaps the Justice Department will seek to dismiss FCA cases more often (although that’s a big if, considering the billions of dollars Uncle Sam receives each year from successful qui tam lawsuits). Your legal department down the hall might even welcome this supposed policy change as a valuable card to play, should an FCA lawsuit land on the company’s desk.

For compliance officers, however, all this discussion is simply another reminder that compliance and legal are not the same function. They can help each other, and sometimes complement each other — but ethics and compliance has a much broader purpose that transcends the Granston Memo’s point.

Remember the Compliance Mission

As cliche as it may sound, the fundamental mission of the corporate ethics & compliance function is to uncover the truth about conduct at your organization. Sometimes that takes the form of a savvy risk assessment, to pinpoint exactly how much risk you face from certain third parties or business transactions. Other times you find the truth through testing internal controls to see which policies and procedures actually do steer corporate conduct in the ways management wants.

Above all, however, compliance officers want to cultivate a culture where employees tell you the truth about what’s going on, and tell you voluntarily. And lest anyone dismiss “speak-up culture” as another cliche in this line of work — picture a culture of silent, disinterested employees, and tell me how a world like that prevents problems.

That need for a speak-up culture exists in tension with ideas such as the Justice Department seeking to dismiss FCA whistleblower lawsuits (even frivolous ones, since “frivolous” often in the eye of the whistleblower). For that matter, it also exists in tension with the Supreme Court’s recent ruling that Dodd-Frank Act whistleblower protections do not apply to employees who only report misconduct internally.

The flip side to a speak-up culture — that world, seen from the employee’s perspective — is a you are heard culture. That culture requires patience and respect, and employees need to see those values in practice. To someone considering whether to report misconduct, the mere prospect of a larger power quashing his good intentions will give the would-be whistleblower pause.

Compliance officers, however, need to keep focusing on communications and training that hit those keynotes of anti-retaliation, respect for whistleblowers, and diligent, objective investigation of complaints — even the weird ones, that may indeed be frivolous.

If the organization has invested in a strong compliance program, with clear policies, procedures, documentation, and autonomy for the compliance and ethics function; that should generate sufficient evidence for legal department to disprove a frivolous case anyway.

We should have no illusions that compliance with the False Claims Act is as simple as what’s outlined above; I know it’s not. But we should have no illusions that the Granston Memo will be some great salve for ethics and compliance functions, because that’s not the case either.

Building a comprehensive structure for your compliance program is essential to effectively and efficiently mitigate risk. And while risks vary from one company to another based on industry, location, and partners – thereby disqualifying any one-size-fits-all compliance program – the underlying structure of a program can, to a reasonable extent, be broken down into a set of components.